Joomla 5.4.4 bugfix & security release

On Tuesday, March 31, 2026, Joomla 5.4.4 and Joomla 6.0.4 were released. These are bugfix & security updates for the Joomla 5.x and 6.x series.

This is a maintenance update focused on reliability, security and small usability improvements, not new features.

Security fixes

• Joomla! Core - [20260301] - ACL hardening in com_ajax
  Improved access control checks in the AJAX component to prevent unauthorized actions; this reduces the risk of privilege escalation and ensures stricter permission enforcement.
• Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
  A vulnerability that allowed malicious SQL queries via the articles API endpoint; this could expose or manipulate database data and is fixed by properly sanitizing input.
• Joomla! Core - [20260303] - XSS vector in com_associations comparison view
  A cross-site scripting issue in the language associations comparison screen; this could allow injection of malicious scripts when viewing item differences.
• Joomla! Core - [20260304] - XSS vectors in various article title outputs
  Multiple cross-site scripting vulnerabilities in how article titles are displayed; this could allow harmful scripts to run if titles were not properly escaped.
• Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
  A flaw that allowed deletion of unintended files during the update process; this could potentially remove critical files and has been restricted to safe operations only.
• Joomla! Core - [20260306] - Improper access check in webservice endpoints
  Incorrect permission validation in some API endpoints; this could allow unauthorized access to data or actions and is fixed by enforcing proper checks.

Bug fixes in the Joomla 5.4.4 release

Some improvements are:

• Various bugs fixed across the website and admin area
• Improved stability (fewer crashes, better background tasks)
• Fixed display issues (calendar, buttons, icons, layouts)
• Improved compatibility with browsers and tools
• Strengthened security (dependency updates)
• Improved email validation and system checks
• Cleaned up internal code and update process
• Updated translations for multiple languages

The full list of changes can be found in the 5.4.4 milestone on GitHub.

Upgrade to Joomla 6

The main goal of the Joomla 5.4.x releases is to enable future upgrades from Joomla 5.x to Joomla 6.x. We usually upgrade some of our own websites first to the new version. Joomla 6 is now stable. Depending on the compatibility of used extensions, we upgrade client websites to Joomla 6 when it is further developed, so from Joomla 6.1.

Need help with an update or migration to Joomla 6? Contact us!